For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

AlexS_yb's avatar
AlexS_yb
Icon for Cirrocumulus rankCirrocumulus
Aug 23, 2023

401 being sent by pool member is affect f5 apm sso config

Hi   so lets say http://test/sso/protected/changeUser => pool  backendA http://test/sso/protected/test => pool  backendA - it just dumps all the headers and cookie sent on the request   is prot...
APM Irule LTM
devops
PeteWhite's avatar
PeteWhite
Icon for Employee rankEmployee
Aug 24, 2023

Look at your SSO config - it should be setup as OAuth Bearer. You can either send all the time, or based on a 401 response, and you can send a passthrough from the OAuth IdP, or create a new JWT.

I'd be inclined to set it to create a new JWT and see whether it sends the JWT based on server response. If so, there is probably an issue with the OAuth IdP JWT ( ie maybe it is opaque rather than JWT ) so do some logging around this and dig into it.

AlexS_yb's avatar
AlexS_yb
Icon for Cirrocumulus rankCirrocumulus
Aug 24, 2023

Hi

 

Sorry I wasn't clear I send the JWT on every request - one of the request failed some logic in the code on the back and and the return was a 401. at that point APM invalidate the SSO session and blanked out the JWT and all furthor requests failed not authorised.

 

I don't want the f5 to act on the 401 sent by the back end server